New gTLDs appearing in the root zone
Over the last month or so, new gTLDs (generic top level domains) have been added to the root zone by ICANN. This is the beginning of a process of adding a couple hundred new gTLDs which ICANN colleted applications for last year.
To get a full list of current valid gTLDs see http://newgtlds.icann.org/en/program-status/delegated-strings
It is up to the individual registrars who received the gTLDs to decide how to use them. Some are limited to particular organizations. Others are already available to the public for pre-registration.
This is important if you are doing more detailed input validation on domain names, for example to validate e-mail addresses. For example, the longest name I was able to spot was ".INTERNATIONAL" .
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
IPv6 and isc.sans.edu (Update)
About 4 years ago, I published a quick diary summarizing our experience with IPv6 at the time [1]. Back then, the IPv6 traffic to our site was miniscule. 1.3% of clients connecting to our server used IPv6. Since then, a lot has changed in IPv6. Comcast, one of the largest US ISPs and an IPv6 pioneer now offers IPv6 to more then 25% of its users [2] . Many mobile providers enable IPv6, and more users access our site from mobile devices then before. So I expected a bit of an increase in IPv6 traffic. Lets see what I found.
The short summary is: We do see A LOT more IPv6 traffic, but auto-configured tunnels pretty much went away (probably a good thing)
Overall, the number of IPv6 clients multiplied by about 3 and about 4% of requests received by our web server now arrive via IPv6. Given that we use a tunnel and proxy at this point to provide IPv6 access, we can only assume that there are more IPv6 capable clients out there but technologies like "happy eyeballs" make them prefer IPv4.
The difference is even more significant looking at tunnels. 6-to-4 tunnels only make up 0.3 % of all IPv6 requests, and Terredo is not significant (only about 100 requests total for all of last month). 2001::/16 remains the most popular /16 prefix, but 2002::/16 which was #2 in 2010 no longer shows up.
Within 2001::/16, Hurricane Electric (2001:470::/32) still dominates, indicating that we still have a lot of tunnels. But it is now followed by 2607:f740::/32 (Host Virtual) , 2401:c900::/32 (Softlayer) , 2a01:7a0::/32 (Velia) and 2607:f128::/32 (Steadfast).
As far as reverse DNS resolution goes, still only very few ISPs appear to have it configured for IPv6.
[1] https://isc.sans.edu/diary/IPv6+and+isc.sans.org/7948
[2] http://www.comcast6.net
and of course our IPv6 Security Essentials class.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Oracle Reports Vulnerability
I mentioned this vulnerability earlier this week in a podcast, but believe it deserves a bit more attention, in particular as exploits are now public, and a metasploit module appears in the works.
Dana Taylor (NI @root) released details about the vulnerabilities first in her blog [1]. The post included quite a bit of details about respecitve vulnerabilities. Extended support for Oracle 10g ended July 2013 and a patch is not expected.
If for some reason you are still running Oracle 10g or earlier, please check on possible workarounds or upgrade to 11g
The vulnerabilities were assigned following CVE numbers
CVE-2012-3153 - PARSEQUERY keymap vulnerabiilty
Oracle details (requires login): https://support.oracle.com/rs?type=doc&id=279683.1
CVE-2012-3152 - URLPARAMETER code execution
Please let us know if you have any workarounds to share, or if you have any logs showing exploit attempts.
[1] http://netinfiltration.com
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
8 months ago
rthrth
Jan 2nd 2023
8 months ago